When looking at our world it is clear things are getting more and more complex. And people are creating larger and larger systems and also many more systems on a smaller scale. People come up with great ideas of all kinds and go out and implement them. To a significant degree we are in a golden age of systems. We have the tools to create amazing things. But what is often missing from discussions is whether we should - and if we do it what kind of guards we need to put in place to ensure our systems do the right thing.

What is an exploit? Fundamentally an exploit is a way of using a system that wasn't anticipated by the creators or implementors of that system. If we were infallible and could think about every single scenario that could happen to our systems we could protect against any and all exploit out there. However, that is not realistic. So how do we deal with this? The path we need to go towards is one where we design for misuse. And what I mean with that is both at the implementation level, the architectural level and also the functionality level. We definitely need architectures that minimize the amount of misuse that can be done - compartmentalization and least privilige are both ways of dealing with this.

But what about functionality? Say you were designing a new application that allows you to check in at different locations. There are many good things that can be done with an app like that, of course. But lets just think through for a second the negative things that could be done. It allows for whole sale scraping and tracking of people's locations. It can allow for all kinds of mistakes and active abuse. So is this kind of app good or bad? Neither - and maybe it should be made anyway. But it should be created with an appreciation that the features will be misused and that putting out an app like that might do society more bad than it does good.

As usual, we as technologists have a responsibility to think these things through. We can't think about it all, but we should at least consider it before jumping in and starting to build something. Exploits against code is one thing - but exploiting the functionality as it was designed is also a huge concern. This is why things like centralization is important to consider. This is why we should think carefully whether we even want information that we are asking for.